Are you aware of all vulnerabilities in your production environment susceptible to cybercrime? Do you have full insight into your assets? We are more dependent on operational technology (OT) than we often realize. A cyber-attack on an operational environment or service can seriously damage not only the operation itself, but also the entire production and supply chain and even affect society as a whole. All the more reason to (re)consider potential vulnerabilities of assets and OT environment.

CGI delivers two programs that help increase OT security awareness and resilience.

First of all, an assessment program with focused around organizational maturity, the technical implementation of security based on industry standards, network security and risks impacting business against the background of the current threat landscape. The purpose of this program is to gain insight into the vulnerabilities on all fronts. They are concluded with a report covering mitigating measures, the priorities therein (the 'low hanging fruit') and the steps that can be taken.

The second program focuses on the actual risk mitigation and optimization of operations, including the way governance is set up in the organization, security awareness training, the construction of a security-oriented architecture and its implementation. Security monitoring is the final piece; After all, cyber criminals never sleep.

Collaboration is key

When implementing OT security, CGI is focused on collaboration with clients and partners such as Nozomi Networks and Fortinet. Just like CGI experts, the specialists from these partners understand how OT environments work and what is needed to optimize security and resilience. In principle, CGI has an 'agnostic' approach: collaboration with all kinds of parties is therefore possible, including with existing partners of clients or other technology suppliers relevant to the specific security challenge. As long as the goal is the same: 'get clean and stay clean'.

CGI in OT / ICS Cybersecurity

As OT security is starting to gain importance and attention, more and more security service providers are also appearing. The majority of these providers comes from the IT side of the market that is now highly developed. Such service providers certainly have knowledge of cybercrime and security. But securing an OT environment requires a substantially different approach than that of an IT environment.

CGI has this in place as major system and service integrator for the manufacturing industry, as a supplier of Manufacturing Execution Systems, for implementation, optimization, management and support of mission-critical installations. With our Manufacturing Center of Excellence we can demonstrate our in-depth experience with complex process environments, with the hands-on culture on the shopfloor and with the major stakes and investments that assets represent, understanding and respecting existing context and goals. What certainly helps is CGI's global presence with local offices. At a local level it is easier to connect to the needs, requirements and relevant regulations. At the same time, a lot of expertise can be brought in from countries that are already more strictly regulated when it comes to OT cybersecurity, such as Canada, the United States and France.

Cross-sector domain knowledge

Last but not least: CGI brings cross-industry domain knowledge. We serve clients in transport and logistics, utilities, defense, national and local governments with their critical assets and infrastructures. We are a prominent player in food & feed, high tech, chemicals and pharma. All this knowledge and experience come together for the asset-intensive industry, manufacturing companies and service providers looking to permanently protect their OT.